kontextual-engine/docs/cmis-opencmis-tck-implementation-evidence-2026-05-08T092113Z.md

# CMIS OpenCMIS TCK Implementation Evidence

Run timestamp: 2026-05-08T09:21:13Z
Local timestamp: 2026-05-08T11:21:13+02:00
Status: `KONT-WP-0013` implementation evidence captured

## Purpose

Persist the implementation outcome for the CMIS Browser Binding TCK
compatibility workplan. This document supersedes the initial blocker report in
`docs/cmis-opencmis-tck-assessment-2026-05-08T063312Z.md` for the current
`kontextual-engine` state.

## Implementation Summary

The CMIS adapter now exposes a Browser Binding-shaped compatibility surface for
the `compat-tck` profile instead of leaking native snake_case DTOs on the
compatibility route.

Implemented changes:

- Browser Binding service document keyed by repository ID.
- CMIS field names for repository info, capabilities, extended features, type
  definitions, object properties, ACLs, parents, query results, and root folder
  projections.
- Selector handling for `repositoryInfo`, `typeChildren`, `typeDescendants`,
  `typeDefinition`, `query`, `object`, `children`, `parents`, `properties`,
  `allowableActions`, `policies`, and `content`.
- `compat-tck` repository ID alignment between the engine profile and the
  OpenCMIS target profile.
- Root folder and virtual-folder projections that include the properties
  advertised by the `cmis:folder` type definition.
- `includePropertyDefinitions` handling for type-list selectors.
- FastAPI OpenAPI generation fix for streaming routes.
- Internal regression coverage for Browser Binding selectors and OpenAPI route
  generation.

## Final OpenCMIS Run

Guide Board live run:

- Run ID: `run-20260508T092113Z`
- Run directory: `/tmp/open-cmis-tck-kontextual-fix6-20260508`
- Assessment status: `completed`
- Target: `kontextual-cmis-compat`
- Assessment: `cmis-browser-baseline`
- Browser Binding URL: `http://127.0.0.1:8010/cmis/compat-tck/browser`
- Repository ID: `compat-tck`

Guide Board summary:

- `pass: 1`
- `warning: 1`
- `skipped: 1`
- unexpected findings: `0`

Mapped groups:

- Repository and type metadata: `warning`
- Object and content services: `skipped`

Normalized OpenCMIS case counts:

- `repository-type`: `38 pass`, `2 info`, `2 skipped`, `1 warning`, `0 fail`
- `object-content`: `22 skipped`, `0 fail`

The remaining repository/type warning is local transport only:

```text
HTTPS is not used. Credentials might be transferred as plain text!
```

The object/content group skips because the compatibility profile does not make
the `cmis:folder` base type creatable. This is an intentional boundary for the
current profiled adapter: governed document creation and content stream updates
exist through the current engine-backed routes, but full CMIS CRUD scaffolding
for TCK-created folders is not in scope yet.

## Scorecard

Generated scorecard:

- Path: `/tmp/open-cmis-tck-kontextual-fix6-20260508/reports/cmis-maturity-scorecard.md`
- Maturity score: `23.81`
- Coverage: `2/9` groups, `22.22%`
- Repository and type metadata: `partial`, score `3/4`
- Object and content services: `not_automated`, score `2/4`

Interpretation:

- The original protocol blocker is resolved: OpenCMIS can create a Browser
  Binding session and execute selected checks.
- The current score remains low because only two groups are selected in the
  baseline and one group is intentionally skipped by profile capability.
- The scorecard is preparation evidence, not CMIS certification.

## Commands

Focused internal CMIS regression suite:

```bash
cd /home/worsch/kontextual-engine
.venv/bin/python -m pytest tests/cmis --perf-history-disable
```

Result:

```text
45 passed
```

Live OpenCMIS run:

```bash
cd /home/worsch/guide-board
source /home/worsch/open-cmis-tck/.local/toolchains/env.sh
PYTHONPATH=src python3 -m guide_board \
  --extension-dir ../open-cmis-tck \
  run \
  --target /tmp/kontextual-cmis-compat-8010.json \
  --assessment ../open-cmis-tck/profiles/assessments/cmis-browser-baseline.json \
  --output-dir /tmp/open-cmis-tck-kontextual-fix6-20260508
```

Scorecard generation:

```bash
cd /home/worsch/open-cmis-tck
PYTHONPATH=src python3 scripts/cmis_scorecard.py \
  --run-dir /tmp/open-cmis-tck-kontextual-fix6-20260508
```

## Evidence Artifacts

The `/tmp` run artifacts are useful local evidence but may be ephemeral:

- `/tmp/open-cmis-tck-kontextual-fix6-20260508/reports/report.md`
- `/tmp/open-cmis-tck-kontextual-fix6-20260508/reports/cmis-maturity-scorecard.md`
- `/tmp/open-cmis-tck-kontextual-fix6-20260508/normalized/evidence.json`
- `/tmp/open-cmis-tck-kontextual-fix6-20260508/normalized/findings.json`
- `/tmp/open-cmis-tck-kontextual-fix6-20260508/artifacts/open-cmis-tck/tck/repository-type/normalized-runner-result.json`
- `/tmp/open-cmis-tck-kontextual-fix6-20260508/artifacts/open-cmis-tck/tck/object-content/normalized-runner-result.json`

## Remaining Boundary Gaps

These are not regressions in the current workplan; they are next-scope choices:

- Configure a durable local target profile or harness parameter for the
  `kontextual-engine` test port instead of using a temporary `/tmp` profile.
- Decide whether the `compat-tck` profile should support CMIS `createFolder`
  purely to exercise more CRUD/content TCK cases.
- Expand OpenCMIS selected groups beyond `repository-type` and
  `object-content` once the targeted capability boundary is agreed.
- Harden `open-cmis-tck` preflight in the sister repository so native-shaped
  repository-info responses are rejected before Maven invocation.
- Add HTTPS or a local warning waiver only when transport-security evidence
  matters for a deployment profile.

## Conclusion

`KONT-WP-0013` achieved its main purpose for `kontextual-engine`: OpenCMIS no
longer fails at session creation, the repository/type group parses and executes,
the object/content group reaches parsed TCK cases, and the remaining gaps are
capability-scope decisions rather than protocol-shape crashes.